United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
United States Patent and Trademark Office

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



10/597,864 08/1 

27045 7590 

ERICSSON INC. 
6300 LEGACY DRIVE 
M/S EVR 1-C-11
PLANO, TX 75024 



PAPER NUMBER 



NOTIFICATION DATE | DELIVERY MODE 
04/01/2010 ELECTRONIC 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 

Notice of the Office communication was sent electronically on above-indicated "Notification Date" to the 
following e-mail address(es): 

kara.coffman@ericsson.com
jennifer.hardin@ericsson.com 



PTOL-90A (Rev. 04/07) 



Office Action Summary


Application No. 

10/597,864 


Applicant(s) 

BLOM ET AL. 


Examiner 

SYED ZIA 


Art Unit 

2431 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) ☒ Responsive to communication(s) filed on 10 August 2006.
2a) □ This action is FINAL. 2b) ☒ This action is non-final.
3) □ Since this application is in condition for allowance except for formal matters, prosecution as to the merits is closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims

4) ☒ Claim(s) 30-58 is/are pending in the application.
4a) Of the above claim(s) _____ is/are withdrawn from consideration.
5) □ Claim(s) _____ is/are allowed.
6) ☒ Claim(s) 30-58 is/are rejected.
7) □ Claim(s) _____ is/are objected to.
8) □ Claim(s) _____ are subject to restriction and/or election requirement.

Application Papers

9) □ The specification is objected to by the Examiner.
10) □ The drawing(s) filed on _____ is/are: a) □ accepted or b) □ objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).
11) □ The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119

12) ☒ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) ☒ All b) □ Some * c) □ None of:
1. □ Certified copies of the priority documents have been received.
2. □ Certified copies of the priority documents have been received in Application No. _____.
3. □ Copies of the certified copies of the priority documents have been received in this National Stage application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

Attachment(s)

1) ☒ Notice of References Cited (PTO-892)
2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) ☒ Information Disclosure Statement(s) (PTO/SB/08) Paper No(s)/Mail Date _____.
4) □ Interview Summary (PTO-413) Paper No(s)/Mail Date _____.
5) □ Notice of Informal Patent Application
6) □ Other: _____.

PTOL-326 (Rev. 08-06) Office Action Summary Part of Paper No./Mail Date 20091217



Application/Control Number: 10/597,864 
Art Unit: 2431 



Page 2 



DETAILED ACTION 

This office action is in response to application filed August 10, 2006. Claims 30-58 are 
pending. 

Claim Rejections - 35 USC §102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public use or on 
sale in this country, more than one year prior to the date of application for patent in the United States.

Claims 30-58 are rejected under 35 U.S.C. 102(e) as being anticipated by Yamaguchi et 
al. (U. S. Patent No.: 5,604,807). 

1. Regarding Claim 30, Yamaguchi teaches and describes a method of establishing a session
key shared between a first network element of a first network domain and a second network 
element of a second network domain, said first network domain comprising first cryptographic 
means and means for sharing a secret key with said second network domain comprising second 
cryptographic means, said method comprising the steps of: said first cryptographic means 
generating a freshness token; said first cryptographic means generating said session key based on 
said shared secret key and said generated freshness token; providing said session key (K) to said 
first network element; providing said freshness token to said second cryptographic means; said 
second cryptographic means generating a copy of said session key based on said shared secret
key and said provided freshness token; and, providing said copy of said session key to said
second network element (Fig. 11-13, and col. 10 line 35 to col. 13 line 35).

2. Regarding Claim 31, Yamaguchi teaches and describes a method of enabling secure
communication between a first network element of a first network domain and a second network 
element of a second network domain, said first network domain comprising first cryptographic 
means and means for sharing a secret key with said second network domain comprising second 
cryptographic means, said method comprising the steps of: said first cryptographic means 
generating a freshness token; said first cryptographic means generating said session key based on 
said shared secret key and said generated freshness token; providing said session key to said first 
network element; providing said freshness token to said second cryptographic means; said 
second cryptographic means generating a copy of said session key based on said shared secret 
key and said provided freshness token; providing said copy of said session key to said second 
network element; and, said first network element and said second network element securely 
communicating based on said session key and said copy of said session key (Fig. 11-13, and
col. 10 line 35 to col. 13 line 35).

3. Regarding Claim 42, Yamaguchi teaches and describes a system of establishing a session
key shared between a first network element of a first network domain and a second network 
element of a second network domain, said first network domain sharing a secret key with said 
second network domain, wherein said first network domain comprises: first cryptographic means
for generating a freshness token and for generating a session key based on said shared secret key 
and said generated freshness token; means for providing said session key from said first 
cryptographic means to said first network element; and, means for providing said freshness token 
to said second network domain; wherein said second network domain comprises: second 
cryptographic means for generating a copy of said session key based on said shared secret key 
and said provided freshness token; and, means for providing said copy of said session key from 
said second cryptographic means to said second network element (Fig. 11-13, and col. 10 line 35
to col. 13 line 35).

4. Regarding Claim 43, Yamaguchi teaches and describes a system of enabling secure
communication between a first network element of a first network domain and a second network 
element of a second network domain, said first network domain sharing a secret key with said 
second network domain, wherein said first network domain comprises: first cryptographic means 
for generating a freshness token and for generating a session key based on said shared secret key 
and said generated freshness token; means for providing said session key from said first 
cryptographic means to said first network element; and, means for providing said freshness token 
to said second network domain; said second network domain comprises: second cryptographic 
means for generating a copy of said session key based on said shared secret key and said 
provided freshness token; and, means for providing said copy of said session key from said 
second cryptographic means to said second network element, said first network element 
comprises means for conducting secure communication with said second network element based 
on said session key and said second network element comprises means for conducting secure
communication with said first network element based on said copy of said session key (Fig. 11-13,
and col. 10 line 35 to col. 13 line 35).

5. Regarding Claim 51, Yamaguchi teaches and describes a network domain comprising: a
first network element adapted for communication with a second network element of an external 
network domain, wherein said network domain and said external network domain sharing a 
secret key; cryptographic means for generating a freshness token and for generating a session 
key based on said shared secret key and said generated freshness token; means for providing said 
session key from said cryptographic means to said first network element; and, means for
providing said freshness token to said external network domain, wherein said external network 
domain comprises means for generating a copy of said session key for said second network 
element based on said shared secret key and said provided freshness token (Fig. 11-13, and col. 10
line 35 to col. 13 line 35).

6. Regarding Claim 55, Yamaguchi teaches and describes a network domain comprising: a
first network element adapted for communication with a second network element of an external 
network domain, wherein said network domain and said external network domain sharing a 
secret key; cryptographic means for generating a session key based on said shared secret key and 
a freshness token provided from said external network domain; and, means for providing said 
session key from said cryptographic means to said first network element, wherein said external 
network domain comprises means for generating said freshness token and for generating a copy 
of said session key for said second network element based on said shared secret key and said
generated freshness token (Fig. 11-13, and col. 10 line 35 to col. 13 line 35).

5. Claims 32-41, 44-50, 52-54, and 56-58 are rejected as applied above in rejecting
Claims 30-31, 42-43, 51 and 55. Furthermore, Yamaguchi teaches and describes a system and method
establishing a session key shared between a first network element of a first network domain and 
a second network element of a second network domain, said first network domain sharing a 
secret key with said second network domain, wherein said first network domain comprises, 
wherein, 

As per Claim 32, said session key providing step comprises the step of securely providing 
said session key to said first network element and said session key copy providing step 
comprises the step of securely providing said copy of said session key to said second network 
element (col. 10 line 35 to col. 11 line 50).

As per Claim 33, said freshness token comprises a random challenge and said method 
further comprises the steps of: said first cryptographic means generating an expected response 
based on said shared secret key and said random challenge; providing said expected response to 
said first network element; said second cryptographic means generating a response based on said 
shared secret key and said provided random challenge; providing said response to said first 
network element; and, said first network element authenticating said second network element 
based on a comparison between said expected response and said response (col. 10 line 35 to
col. 11 line 50).

As per Claim 34, said first cryptographic means comprises an Authentication and Key
Agreement (AKA) algorithm for generating said random challenge, said expected response and
said session key, and said second cryptographic means comprises an AKA algorithm for
generating said response and said copy of said session key (col. 11 line 51 to col. 13 line 35).
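
The exchange recited for Claims 30, 33 and 34, as an added sketch that is not taken from the application, the cited Yamaguchi patent, or this Office action: the first domain generates a random challenge as freshness token, both domains derive the session key and the response from the shared secret key, and the first network element compares expected response with response. HMAC-SHA256 stands in for the derivation functions (an assumption, not the AKA algorithm set), and the class, function and domain names are hypothetical.

```python
import hashlib
import hmac
import secrets


def _prf(key: bytes, label: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over a label plus length-prefixed inputs (assumed PRF)."""
    msg = label + b"".join(len(p).to_bytes(2, "big") + p for p in parts)
    return hmac.new(key, msg, hashlib.sha256).digest()


class DomainCrypto:
    """Stands in for the 'cryptographic means' of one domain (e.g. its AAA server)."""

    def __init__(self, domain_id: str, shared_keys: dict):
        self.domain_id = domain_id
        self._shared_keys = shared_keys  # peer domain identifier -> shared secret key

    def _derive(self, peer_id: str, rand: bytes, initiator: str, responder: str):
        key = self._shared_keys[peer_id]  # shared key looked up by peer identifier
        ids = (initiator.encode(), responder.encode())
        # Distinct labels keep the session key and the response independent.
        session_key = _prf(key, b"session-key", rand, *ids)
        response = _prf(key, b"response", rand, *ids)
        return session_key, response

    def initiate(self, peer_id: str):
        """First domain: fresh random challenge, session key, expected response."""
        rand = secrets.token_bytes(16)  # freshness token
        session_key, xres = self._derive(peer_id, rand, self.domain_id, peer_id)
        return rand, session_key, xres

    def respond(self, peer_id: str, rand: bytes):
        """Second domain: copy of the session key and response from the received token."""
        return self._derive(peer_id, rand, peer_id, self.domain_id)


def authenticate(expected: bytes, received: bytes) -> bool:
    """First network element compares expected response and response in constant time."""
    return hmac.compare_digest(expected, received)


def run_exchange(key_a: bytes, key_b: bytes) -> dict:
    """One run between constructed domains 'domain-a' and 'domain-b'."""
    a = DomainCrypto("domain-a", {"domain-b": key_a})
    b = DomainCrypto("domain-b", {"domain-a": key_b})
    rand, k_first, xres = a.initiate("domain-b")   # key and XRES go to the first element
    k_second, res = b.respond("domain-a", rand)    # key copy goes to the second element
    return {"rand": rand, "k_first": k_first, "k_second": k_second,
            "xres": xres, "res": res, "authenticated": authenticate(xres, res)}


if __name__ == "__main__":
    shared = secrets.token_bytes(32)  # constructed shared secret key
    ok = run_exchange(shared, shared)
    print("keys match:", ok["k_first"] == ok["k_second"], "auth:", ok["authenticated"])
    bad = run_exchange(shared, secrets.token_bytes(32))  # peer holds a different key
    print("keys match:", bad["k_first"] == bad["k_second"], "auth:", bad["authenticated"])
```

Because the challenge is fresh per run, a response captured from an earlier run does not verify against a later expected response.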

As per Claim 35, further comprising the steps of: said first network element providing an 
identifier associated with said second network domain to said first cryptographic means; and, 
said second network element providing an identifier associated with said first network domain to 
said second cryptographic means (col. 11 line 51 to col. 13 line 35).

As per Claim 36, said session key and said copy of said session key are generated based 
on at least one of said identifier associated with said first network domain and said identifier 
associated with said second network domain (col. 11 line 51 to col. 13 line 35).

As per Claim 37, further comprising the steps of: said first cryptographic means 
identifying said shared secret key based on said identifier associated with said second network 
domain; and, said second cryptographic means identifying said shared secret key based on said 
identifier associated with said first network domain (col. 11 line 51 to col. 13 line 35).

As per Claim 38, said first cryptographic means is an Authentication, Authorization and 
Accounting (AAA) server provided in a network node of said first network domain and said 
second cryptographic means is an AAA server provided in a network node of said second 
network domain (col. 11 line 51 to col. 13 line 35).

As per Claim 39, said first network domain shares a second secret key with a third 
network domain comprising third cryptographic means and at least a third network element 
(Fig. 11-13, and col. 10 line 35 to col. 13 line 35).

As per Claim 40, said first network domain is managed by a first communications
network operator and said second network domain is managed by a second different 
communications network operator (col. 10 line 35 to col. 11 line 50).

As per Claim 41, further comprising the step of intermittently replacing said shared secret 
by a new shared secret by basing a key agreement between said first network domain and said 
second network domain on said shared secret (col. 10 line 35 to col. 11 line 50).

As per Claim 44, said session key providing means is adapted for securely providing said 
session key from said first cryptographic means to said first network element and said session 
key copy providing means is adapted for securely providing said copy of said session key from 
said second cryptographic means to said second network element (col. 10 line 35 to col. 11 line
50). 

As per Claim 45, said freshness token comprises a random challenge and said first 
cryptographic means comprises means for generating an expected response based on said shared 
secret key and said random challenge and said second cryptographic means comprises means for 
generating a response based on said shared secret key and said random challenge, said first 
network domain comprises means for providing said expected response to said first network 
element and said second network domain comprises means for providing said response to said 
first network element, wherein said first network element comprises means for authenticating 
said second network element based on a comparison between said expected response and said 
response (Fig. 11-13, and col. 10 line 35 to col. 13 line 35).

As per Claim 46, said first cryptographic means comprises an Authentication and Key 
Agreement (AKA) algorithm for generating said random challenge, said expected response and 
said session key, and said second cryptographic means comprises an AKA algorithm for
generating said response and said copy of said session key (col. 11 line 51 to col. 13 line 35).

As per Claim 47, said first cryptographic means is an Authentication, Authorization and 
Accounting (AAA) server provided in a network node of said first network domain and said 
second cryptographic means is an AAA server provided in a network node of said second 
network domain (col. 11 line 51 to col. 13 line 35).

As per Claim 48, further comprising a third network domain with third cryptographic 
means and at least a third network element, said first network domain and said third network 
domain share a second secret key (col. 10 line 35 to col. 11 line 50).

As per Claim 49, said first network domain is managed by a first communications 
network operator and said second network domain is managed by a second different 
communications network operator (col. 10 line 35 to col. 11 line 50).

As per Claim 50, further comprising means for intermittently replacing said shared secret 
by a new shared secret said shared secret replacing means is adapted for replacing said shared 
secret based on a key agreement between said first network domain and said second network 
domain using said shared secret (col. 10 line 35 to col. 11 line 50).

As per Claim 52, said session key providing means is adapted for securely providing said 
session key from said cryptographic means to said first network element (col. 10 line 35 to col. 11
line 50). 

As per Claim 53, said freshness token comprises a random challenge and said 
cryptographic means comprises means for generating an expected response based on said shared 
secret key and said random challenge and said external network domain comprises means for 
generating a response based on said shared secret key and said random challenge, said network
domain comprises means for providing said expected response to said first network element and 
said external network domain comprises means for providing said response to said first network 
element, wherein said first network element comprises means for authenticating said second 
network element based on a comparison between said expected response and said response 
(Fig. 11-13, and col. 10 line 35 to col. 13 line 35).

As per Claim 54, said cryptographic means is an Authentication, Authorization and 
Accounting (AAA) server provided in a network node of said network domain (col. 11 line 51 to
col. 13 line 35).

As per Claim 56, said session key providing means is adapted for securely providing said 
session key from said cryptographic means to said first network element (Fig. 11-13, and col. 10
line 35 to col. 13 line 35).

As per Claim 57, said freshness token comprises a random challenge and said 
cryptographic means comprises means for generating a response based on said shared secret key 
and said random challenge and said external network domain comprises means for generating an 
expected response based on said shared secret key and said random challenge and means for 
providing said expected response to said second network element, said network domain 
comprises means for providing said response to said second network element, wherein said 
response and said expected response enables said second network element to authenticate said 
first network element (Fig. 11-13, and col. 10 line 35 to col. 13 line 35).

As per Claim 58, said cryptographic means is an Authentication, Authorization and
Accounting (AAA) server provided in a network node of said network domain (col. 11 line 51 to
col. 13 line 35).



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to SYED ZIA whose telephone number is (571)272-3798. The 
examiner can normally be reached on 9:00 to 5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

sz 

March 1, 2010
/Syed Zia/ 

Primary Examiner, Art Unit 2431



